MySQL  8.0.18
Source Code Documentation
sql_rewrite.h
Go to the documentation of this file.
1 /* Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
2 
3  This program is free software; you can redistribute it and/or modify
4  it under the terms of the GNU General Public License, version 2.0,
5  as published by the Free Software Foundation.
6 
7  This program is also distributed with certain software (including
8  but not limited to OpenSSL) that is licensed under separate terms,
9  as designated in a particular file or component or in included license
10  documentation. The authors of MySQL hereby grant you an additional
11  permission to link the program and your derivative works with the
12  separately licensed software that they have included with MySQL.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License, version 2.0, for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program; if not, write to the Free Software
21  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22 
23 #ifndef SQL_REWRITE_INCLUDED
24 #define SQL_REWRITE_INCLUDED
25 
26 #include <set>
27 #include "my_sqlcommand.h"
28 #include "table.h"
29 
30 /* Forward declarations */
31 class THD;
32 class LEX_GRANT_AS;
33 /**
34  Target types where the rewritten query will be added. Query rewrite might
35  vary based on this type.
36 */
37 enum class Consumer_type {
38  TEXTLOG, /* General log, slow query log and audit log */
39  BINLOG, /* Binary logs */
40  STDOUT /* Standard output */
41 };
42 
43 /**
44  An interface to wrap the paramters required by specific Rewriter.
45  Parameters required by specific Rewriter must be added in the concrete
46  implementation.
47  Clients need to wrap the parameters in specific concrete object.
48 */
50  protected:
51  virtual ~Rewrite_params() {}
52 };
53 
54 /**
55  Wrapper object for user related parameters required by:
56  SET PASSWORD|CREATE USER|ALTER USER statements.
57 */
58 class User_params : public Rewrite_params {
59  public:
60  User_params(std::set<LEX_USER *> *users_set)
61  : Rewrite_params(), users(users_set) {}
62  std::set<LEX_USER *> *users;
63 };
64 
65 /**
66  Wrapper object for parameters required by SHOW CREATE USER statement.
67 */
69  public:
70  Show_user_params(bool hide_password_hash, bool print_identified_with_as_hex)
71  : Rewrite_params(),
73  print_identified_with_as_hex_(print_identified_with_as_hex) {}
76 };
77 
78 /**
79  Wrapper object for parameters required for GRANT statement.
80 */
81 class Grant_params : public Rewrite_params {
82  public:
83  Grant_params(bool grant_as_specified, LEX_GRANT_AS *grant_as)
84  : Rewrite_params(),
85  grant_as_provided(grant_as_specified),
86  grant_as_info(grant_as) {}
89 };
90 
91 /**
92  Provides the default interface to rewrite the SQL statements to
93  to obfuscate passwords.
94  It either sets the thd->rewritten_query with a rewritten query,
95  or clears it if no rewriting took place.
96 */
98  Rewrite_params *params = nullptr);
99 /**
100  Provides the default interface to rewrite the ACL query.
101  It sets the thd->rewritten_query with a rewritten query.
102 */
104  Rewrite_params *params = nullptr,
105  bool do_ps_instrument = true);
106 
107 /**
108  An abstract base class to enable the implementation of various query
109  rewriters. It accepts a THD pointer and the intended target type where the
110  query will to be written. It either sets the thd->rewritten_query with a
111  rewritten query, or clears it if no rewriting took place. Concrete classes
112  must implement the rewrite() method to rewrite the query. Despite concrete
113  classes may accept additional parameters, it is recommended not to create
114  their objects directly.
115 */
116 class I_rewriter {
117  public:
118  /* Constructors and destructors */
120  virtual ~I_rewriter();
121  /* Prohibit the copy of the object */
122  I_rewriter(const I_rewriter &) = delete;
123  const I_rewriter &operator=(const I_rewriter &) = delete;
124  I_rewriter(const I_rewriter &&) = delete;
125  const I_rewriter &operator=(const I_rewriter &&) = delete;
126  /* Reset the previous consumer type before rewriting the query */
128  /* Return the current consumer type */
130  /* Concrete classes must implement the logic to rewrite query here */
131  virtual bool rewrite() const = 0;
132 
133  protected:
134  THD *const m_thd;
136 };
137 /**
138  Abstract base class to define the skeleton of rewriting the users, yet
139  deferring some steps to the concrete classes. The implementation in specific
140  steps might vary according to SQL or the consumer type.
141 */
142 class Rewriter_user : public I_rewriter {
143  protected:
144  Rewriter_user(THD *thd, Consumer_type target_type);
145  /*
146  Provides the skeleton to rewrite the users. The actual user is rewritten
147  through the concrete implementation of private methods.
148  */
149  void rewrite_users(LEX *lex, String *str) const;
150  /* Append the literal value <secret> to the str */
151  void append_literal_secret(String *str) const;
152  /* Append the password hash to the output string */
153  virtual void append_auth_str(LEX_USER *lex, String *str) const;
154  /* Append the authentication plugin name for the user */
155  void append_plugin_name(const LEX_USER *user, String *str) const;
156  /*
157  Rewrites some of the user specific properties which are common to
158  concrete classes.
159  */
160  virtual bool rewrite() const;
161  /*
162  Abstract method to be implemented by the concrete classes.
163  The implementation methos should add the user authID, plugin info and
164  auth str
165  */
166  virtual void append_user_auth_info(LEX_USER *user, bool comma,
167  String *str) const = 0;
168  /* Append the PASSWORD REUSE OPTIONS clause for users */
169  virtual void rewrite_password_history(const LEX *lex, String *str) const = 0;
170  /* Append the PASSWORD REUSE OPTIONS clause for users */
171  virtual void rewrite_password_reuse(const LEX *lex, String *str) const = 0;
172 
173  private:
174  /* Append the SSL OPTIONS clause for users */
175  void rewrite_ssl_properties(const LEX *lex, String *str) const;
176  /* Append the RESOURCES OPTIONS clause for users */
177  void rewrite_user_resources(const LEX *lex, String *str) const;
178  /* Append the ACCOUNT LOCK OPTIONS clause for users */
179  void rewrite_account_lock(const LEX *lex, String *str) const;
180  /* Append the PASSWORD EXPIRED OPTIONS clause for users */
181  void rewrite_password_expired(const LEX *lex, String *str) const;
182  /* Append the PASSWORD REQUIRE CURRENT clause for users */
183  void rewrite_password_require_current(LEX *lex, String *str) const;
184  /* Append the DEFAULT ROLE OPTIONS clause */
185  void rewrite_default_roles(const LEX *lex, String *str) const;
186 };
187 /** Rewrites the CREATE USER statement. */
190 
191  public:
193  bool rewrite() const override;
194 
195  private:
197  String *str) const override;
198  void rewrite_password_history(const LEX *lex, String *str) const override;
199  void rewrite_password_reuse(const LEX *lex, String *str) const override;
200 };
201 /** Rewrites the ALTER USER statement. */
204 
205  public:
207  bool rewrite() const override;
208 
209  private:
211  String *str) const override;
212  void rewrite_password_history(const LEX *lex, String *str) const override;
213  void rewrite_password_reuse(const LEX *lex, String *str) const override;
214 };
215 /** Rewrites the SHOW CREATE USER statement. */
218 
219  public:
221  Rewrite_params *params);
222  bool rewrite() const override;
223 
224  protected:
225  /* Append the password hash to the output string */
226  virtual void append_auth_str(LEX_USER *lex, String *str) const override;
227 
228  private:
230  String *str) const override;
231  void rewrite_password_history(const LEX *lex, String *str) const override;
232  void rewrite_password_reuse(const LEX *lex, String *str) const override;
234 };
235 /** Rewrites the SET statement. */
236 class Rewriter_set : public I_rewriter {
237  public:
239  bool rewrite() const override;
240 };
241 /*
242  Rewrites the SET PASSWORD statement
243 */
246 
247  public:
249  bool rewrite() const override;
250 
251  private:
252  /* Name of the user whose password has to be changed */
253  std::set<LEX_USER *> *m_users = nullptr;
254 };
255 
256 /** Rewrites the GRANT statement. */
258  public:
260  bool rewrite() const override;
261 
262  private:
263  /* GRANT AS information */
265 };
266 
267 /** Rewrites the CHANGE MASTER statement. */
269  public:
271  bool rewrite() const override;
272 };
273 
274 /** Rewrites the START SLAVE statement. */
276  public:
278  bool rewrite() const override;
279 };
280 /** Base class for SERVER OPTIONS related statement */
282  public:
284 
285  protected:
286  // Append the SERVER OPTIONS clause
287  void mysql_rewrite_server_options(const LEX *lex, String *str) const;
288 };
289 /** Rewrites the CREATE SERVER statement. */
292 
293  public:
295  bool rewrite() const override;
296 };
297 /** Rewrites the ALTER SERVER statement. */
300 
301  public:
303  bool rewrite() const override;
304 };
305 
306 /** Rewrites the PREPARE statement.*/
308  public:
310  bool rewrite() const override;
311 };
312 #endif /* SQL_REWRITE_INCLUDED */
virtual void rewrite_password_reuse(const LEX *lex, String *str) const =0
The default implementation is to append the PASSWORD REUSE clause iff it is specified.
Definition: sql_rewrite.cc:592
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin and auth str of the user to output string :
Definition: sql_rewrite.cc:671
void mysql_rewrite_server_options(const LEX *lex, String *str) const
Append the SERVER OPTIONS clause.
Definition: sql_rewrite.cc:1372
void rewrite_ssl_properties(const LEX *lex, String *str) const
Append the SSL clause for users iff it is specified.
Definition: sql_rewrite.cc:425
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users iff it is specified.
Definition: sql_rewrite.cc:698
bool rewrite() const override
Rewrite the query for the SET PASSWORD statement.
Definition: sql_rewrite.cc:935
Rewriter_change_master(THD *thd, Consumer_type)
Definition: sql_rewrite.cc:1174
char * user
Definition: mysqladmin.cc:59
LEX_GRANT_AS * grant_as_info
Definition: sql_rewrite.h:88
bool rewrite() const override
Rewrite the query for the CREATE USER statement.
Definition: sql_rewrite.cc:648
Definition: sql_lex.h:3192
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin and auth str of the user to output string :
Definition: sql_rewrite.cc:746
Rewriter_slave_start(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1292
void rewrite_default_roles(const LEX *lex, String *str) const
Append the DEFAULT ROLE clause for users iff it is specified.
Definition: sql_rewrite.cc:625
Rewriter_create_user(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:640
Rewriter_alter_server(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1411
Rewriter_create_server(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1364
Rewriter_show_create_user(THD *thd, Consumer_type type, Rewrite_params *params)
Definition: sql_rewrite.cc:802
void mysql_rewrite_query(THD *thd, Consumer_type type=Consumer_type::TEXTLOG, Rewrite_params *params=nullptr)
Provides the default interface to rewrite the SQL statements to to obfuscate passwords.
Definition: sql_rewrite.cc:318
An abstract base class to enable the implementation of various query rewriters.
Definition: sql_rewrite.h:116
Rewriter_set_password(THD *thd, Consumer_type type, Rewrite_params *params)
Definition: sql_rewrite.cc:921
Consumer_type
Target types where the rewritten query will be added.
Definition: sql_rewrite.h:37
Base class for SERVER OPTIONS related statement.
Definition: sql_rewrite.h:281
Grant_params * grant_params
Definition: sql_rewrite.h:264
bool rewrite() const override
Rewrite the query for the ALTER SERVER statement.
Definition: sql_rewrite.cc:1420
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users iff it is specified.
Definition: sql_rewrite.cc:710
bool print_identified_with_as_hex_
Definition: sql_rewrite.h:75
const string comma(" , ")
Rewrites the START SLAVE statement.
Definition: sql_rewrite.h:275
void rewrite_password_require_current(LEX *lex, String *str) const
Append the PASSWORD REQUIRE CURRENT clause for users.
Definition: sql_rewrite.cc:530
bool rewrite() const override
Rewrite the query for the PREPARE statement.
Definition: sql_rewrite.cc:1445
bool rewrite() const override
Rewrite the query for the GRANT statement.
Definition: sql_rewrite.cc:995
Using this class is fraught with peril, and you need to be very careful when doing so...
Definition: sql_string.h:161
virtual bool rewrite() const =0
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users iff it is specified.
Definition: sql_rewrite.cc:784
bool rewrite() const override
Rewrite the query for the SHOW CREATE USER statement.
Definition: sql_rewrite.cc:813
Rewriter_user(THD *thd, Consumer_type target_type)
Definition: sql_rewrite.cc:377
Consumer_type m_consumer_type
Definition: sql_rewrite.h:135
bool hide_password_hash
Definition: sql_rewrite.h:74
virtual void append_user_auth_info(LEX_USER *user, bool comma, String *str) const =0
bool rewrite() const override
Rewrite the query for the SET statement.
Definition: sql_rewrite.cc:904
Rewrites the SHOW CREATE USER statement.
Definition: sql_rewrite.h:216
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users iff it is specified.
Definition: sql_rewrite.cc:796
virtual ~I_rewriter()
Definition: sql_rewrite.cc:361
bool grant_as_provided
Definition: sql_rewrite.h:87
Definition: table.h:2367
Rewrites the ALTER USER statement.
Definition: sql_rewrite.h:202
bool rewrite() const override
Rewrite the query for the SLAVE START statement.
Definition: sql_rewrite.cc:1300
Wrapper object for user related parameters required by: SET PASSWORD|CREATE USER|ALTER USER statement...
Definition: sql_rewrite.h:58
THD *const m_thd
Definition: sql_rewrite.h:134
bool rewrite() const override
Rewrite the query for the ALTER USER statement.
Definition: sql_rewrite.cc:724
Show_user_params * show_params_
Definition: sql_rewrite.h:233
bool rewrite() const override
Rewrite the query for the CREATE SERVER statement.
Definition: sql_rewrite.cc:1391
Rewriter_prepare(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1436
Rewrites the PREPARE statement.
Definition: sql_rewrite.h:307
const I_rewriter & operator=(const I_rewriter &)=delete
#define final(a, b, c)
Definition: hash.c:109
void append_plugin_name(const LEX_USER *user, String *str) const
Append the authentication plugin name for the user.
Definition: sql_rewrite.cc:555
std::set< LEX_USER * > * users
Definition: sql_rewrite.h:62
void rewrite_user_resources(const LEX *lex, String *str) const
Append the user resource clauses for users.
Definition: sql_rewrite.cc:467
Definition: sql_rewrite.h:244
Abstract base class to define the skeleton of rewriting the users, yet deferring some steps to the co...
Definition: sql_rewrite.h:142
User_params(std::set< LEX_USER *> *users_set)
Definition: sql_rewrite.h:60
void mysql_rewrite_acl_query(THD *thd, Consumer_type type, Rewrite_params *params=nullptr, bool do_ps_instrument=true)
Provides the default interface to rewrite the ACL query.
Definition: sql_rewrite.cc:345
An interface to wrap the paramters required by specific Rewriter.
Definition: sql_rewrite.h:49
I_rewriter(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:356
Rewrites the ALTER SERVER statement.
Definition: sql_rewrite.h:298
std::set< LEX_USER * > * m_users
Definition: sql_rewrite.h:253
void rewrite_users(LEX *lex, String *str) const
Fetch the users from user_list in LEX struct and append them to the String.
Definition: sql_rewrite.cc:607
Consumer_type consumer_type()
Return the current consumer type set in the object.
Definition: sql_rewrite.cc:375
Rewrites the GRANT statement.
Definition: sql_rewrite.h:257
Rewrites the CHANGE MASTER statement.
Definition: sql_rewrite.h:268
int type
Definition: http_common.h:411
Grant_params(bool grant_as_specified, LEX_GRANT_AS *grant_as)
Definition: sql_rewrite.h:83
Show_user_params(bool hide_password_hash, bool print_identified_with_as_hex)
Definition: sql_rewrite.h:70
Rewrites the SET statement.
Definition: sql_rewrite.h:236
virtual void append_auth_str(LEX_USER *lex, String *str) const override
A special rewriter override to make SHOW CREATE USER convert the string to hex if print_identified_wi...
Definition: sql_rewrite.cc:830
void rewrite_account_lock(const LEX *lex, String *str) const
Append the ACCOUNT LOCK clause for users iff it is specified.
Definition: sql_rewrite.cc:494
virtual void rewrite_password_history(const LEX *lex, String *str) const =0
The default implementation is to append the PASSWORD HISTORY clause iff it is specified.
Definition: sql_rewrite.cc:576
void rewrite_password_history(const LEX *lex, String *str) const override
Append the PASSWORD HISTORY clause for users.
Definition: sql_rewrite.cc:856
void rewrite_password_expired(const LEX *lex, String *str) const
Append the PASSWORD EXPIRE clause for users iff it is specified.
Definition: sql_rewrite.cc:509
virtual void append_auth_str(LEX_USER *lex, String *str) const
Append the password hash to the output string.
Definition: sql_rewrite.cc:415
Definition: sql_lex.h:3178
Rewrites the CREATE SERVER statement.
Definition: sql_rewrite.h:290
Rewriter_set(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:894
virtual ~Rewrite_params()
Definition: sql_rewrite.h:51
Wrapper object for parameters required for GRANT statement.
Definition: sql_rewrite.h:81
Rewriter_grant(THD *thd, Consumer_type type, Rewrite_params *params)
Definition: sql_rewrite.cc:984
bool rewrite() const override
Rewrite the query for the CHANGE MASTER statement.
Definition: sql_rewrite.cc:1184
Rewrites the CREATE USER statement.
Definition: sql_rewrite.h:188
void append_user_auth_info(LEX_USER *user, bool comma, String *str) const override
Append the authID, plugin name and suth str user to output string.
Definition: sql_rewrite.cc:877
void append_literal_secret(String *str) const
Append the literal <secret> in place of password to the output string.
Definition: sql_rewrite.cc:405
Wrapper object for parameters required by SHOW CREATE USER statement.
Definition: sql_rewrite.h:68
void set_consumer_type(Consumer_type type)
Reset the previous consumer type.
Definition: sql_rewrite.cc:367
void rewrite_password_reuse(const LEX *lex, String *str) const override
Append the PASSWORD REUSE clause for users.
Definition: sql_rewrite.cc:866
Rewriter_server_option(THD *thd, Consumer_type type)
Definition: sql_rewrite.cc:1362
For each client connection we create a separate thread with THD serving as a thread/connection descri...
Definition: sql_class.h:778
virtual bool rewrite() const
Appends the essential clauses for SHOW CREATE|CREATE|ALTER USER statements in the thd->rewritten_quer...
Definition: sql_rewrite.cc:386
Rewriter_alter_user(THD *thd, Consumer_type type=Consumer_type::TEXTLOG)
Definition: sql_rewrite.cc:716